CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.4%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/gl-inet/CVE-issues/blob/main/3.215/GL-MV1000_Arbitrary_File_Creation.md
https://www.gl-inet.com
https://github.com/gl-inet/CVE-issues/blob/main/3.215/GL-MV1000_Arbitrary_File_Creation.md
https://www.gl-inet.com

Products affected by CVE-2023-31476

Gl-Inet » Gl-Mv1000 » Version: N/A

cpe:2.3:h:gl-inet:gl-mv1000:-
Gl-Inet » Gl-Mv1000w » Version: N/A

cpe:2.3:h:gl-inet:gl-mv1000w:-
Gl-Inet » Gl-Mv1000 Firmware » Version: N/A

cpe:2.3:o:gl-inet:gl-mv1000_firmware:-
Gl-Inet » Gl-Mv1000 Firmware » Version: 3.215

cpe:2.3:o:gl-inet:gl-mv1000_firmware:3.215
Gl-Inet » Gl-Mv1000w Firmware » Version: N/A

cpe:2.3:o:gl-inet:gl-mv1000w_firmware:-
Gl-Inet » Gl-Mv1000w Firmware » Version: 3.215

cpe:2.3:o:gl-inet:gl-mv1000w_firmware:3.215

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-31476

Products

Pricing

Contact Us